Write a thin wrapper around the standard Django auth backend

2026-03-10 14:09:28 -02:30 · 2021-05-07 14:37:39 -04:00
parent 26b7e9de40
commit 5c664eadf9
3 changed files with 16 additions and 1 deletions
--- a/awx/main/backends.py
+++ b/awx/main/backends.py
@@ -0,0 +1,14 @@
+import logging
+
+from django.conf import settings
+from django.contrib.auth.backends import ModelBackend
+
+logger = logging.getLogger('awx.main.backends')
+
+
+class AWXModelBackend(ModelBackend):
+    def authenticate(self, request, **kwargs):
+        if settings.DISABLE_LOCAL_AUTH:
+            logger.warning(f"User '{kwargs['username']}' attempted login through the disabled local authentication system.")
+            return
+        return super().authenticate(request, **kwargs)
--- a/awx/settings/defaults.py
+++ b/awx/settings/defaults.py
@@ -364,7 +364,7 @@ AUTHENTICATION_BACKENDS = (
    'social_core.backends.github_enterprise.GithubEnterpriseTeamOAuth2',
    'social_core.backends.azuread.AzureADOAuth2',
    'awx.sso.backends.SAMLAuth',
-    'django.contrib.auth.backends.ModelBackend',
+    'awx.main.backends.AWXModelBackend',
 )


--- a/awx/sso/fields.py
+++ b/awx/sso/fields.py
@@ -196,6 +196,7 @@ class AuthenticationBackendsField(fields.StringListField):
                ],
            ),
            ('django.contrib.auth.backends.ModelBackend', []),
+            ('awx.main.backends.AWXModelBackend', []),
        ]
    )